07:15 PM
Connect Directly
Repost This

E-Mail In Peril

Ever-more-sophisticated e-mail attacks threaten to swamp this vital business tool. Can anyone throw us a lifeline?

E-mail as we know it is under duress. Ever-increasing loads of spam--estimated at up to 98% of all e-mail--is drowning out the messages business users need to see. Highly targeted phishing attacks are making news and leaving customers and employees jumpy. And for IT, concerns about sensitive data traveling the Internet unencrypted mean valuable e-mail business uses aren't even being considered.

We spoke with a variety of security vendors to see if there's any hope. Big trends include e-mail security in the cloud, led by Google's Postini; use of cryptographic signatures to thwart phishing; advances in encryption and key management; and merging of data leak prevention with mail systems.

InformationWeek Reports

One surprising finding is that the days of software-only e-mail security appear to be coming to an end. Even Sendmail, a descendant of the Internet's original Message Transfer Agent that has long been distributed as both open source and proprietary software, is now moving to an appliance model. Sendmail CEO Don Massaro ascribes this shift to simpler installation and integration as well as performance gains over software installed on commodity hardware and a stock operating system.

You don't just need to secure e-mail: IM is also proving a vector for data loss. We discuss how to stay safe.

Form factor isn't the only place we're seeing evolution. Last week's--or even yesterday's--spam-control techniques can't keep up with constantly increasing attacker sophistication (see Our Take: Any Spam is too Much). As in the security infrastructure, spam-control vendors are banking on multilayered defenses. Barracuda Networks' Spam Firewall filters messages through 11 layers, while Sendmail employs an "anti-spam cocktail," where many individual tests combine to give messages a "spamminess" score, says Greg Olsen, the company's director of product management.

In the past, a significant portion of the anti-spam arsenal involved blacklists and greylisting, but the efficacy of those tactics has decreased, forcing vendors to add new twists. Replacing, or at least augmenting, blacklists is the concept of reputation. Using their vast reach into the Internet mail stream, vendors track the IP addresses sending e-mail. Addresses known to send large amounts of valid mail don't need to be checked as thoroughly, but a node that suddenly starts spewing millions of messages would warrant suspicion. Where an older system might have used greylisting to simply delay delivery of all e-mail in the hopes the spammer wouldn't bother resending, today's systems selectively delay mail from nodes believed to be sending spam, or throttle the bandwidth available to those it's unsure about, until a decision is made.

Once a connection has been accepted, messages are individually scanned. The companies we spoke with perform extensive analysis, though not by trying to interpret a message's meaning, as in the past. While vendors are leery of sharing specifics, they all scrutinize thousands of attributes of a message and compare them against those found in millions of other messages to identify common elements in spam.

Impact Assessment: E-Mail Security

(click image for larger view)

1 of 4
Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.